Facebook source code leak 'not a security breach'

Facebook is downplaying the impact of a misconfigured server over the weekend that revealed the source code powering the social networking site, saying it posed no threat to data security.

Jeremy Kirk, IDG News Service
August 13, 2007

Share

Twitter

Facebook

LinkedIn

Google Plus

Facebook is downplaying the impact of a misconfigured server over the weekend that revealed the source code powering the social networking site, saying it posed no threat to data security.

Nonetheless, Facebook warned that republishing the code was against the law as copies of it proliferated on blogs and other websites. The blog Face book Secrets is widely credited as first publishing the code.

"It was not a security breach and did not compromise user data in any way," according to a post by Facebook spokeswoman Brandee Barker on the Techcrunch blog. "The reprinting of this code violates several laws, and we ask that people not distribute it further."

If an Apache web server is misconfigured, it's possible for the server to publish files of PHP – a programming language used to create dynamic web pages – as regular text files, said Ronald van den Heetkamp, who runs the blog "The Hacker Webzine."

Social networking sites have become an increasing security concern due to the vast amounts of personal data that could potentially be used for identity theft and other scams.

Commentators on Facebook Secrets differed somewhat over the significance of the code's release, which some characterised as a sloppy smattering of PHP to others who found the code an intellectual curiosity.

"There is nothing special or unique for you to see here, just the working framework for a PHP-built site," wrote a commentator under the name "Azzam." "Anyway, the media has played some hype on you and the leak is nothing but a tech glitch."

Others who saw the code generally agreed with Facebook's evaluation of the mistake.

"This is hardly any threat to Facebook, as this source code exposes nothing overly sensitive other then their naming conventions of functions and objects," wrote a user under the name Shelley. "That said, as a programmer, I did enjoy the chance to see how some people approached making a social site like that from a logic stand point. Good read!"